Speak Up Platform
Privacy Policy

Introduction

Kaizen Institute (KI) is committed to upholding the integrity of the Kaizen Global Group of Companies (KGGC). In acknowledgment of the value of transparency throughout the organization and the well-being of its members and stakeholders, it has implemented a whistleblowing system: the Speak Up Platform. This platform serves to safely raise serious and sensitive compliance concerns without fear of reprisal or retaliation.

In this Speak Up Platform Privacy Policy (SPPC) you will find descriptions of the use of personal data collected, the purpose of data collection, and steps to follow when using the Speak Up Platform.

What to Report

One may raise concerns about behavior or breach of KI’s policies and/or guidelines including, but not limited to, the Code of Conduct (CoC) and ESG and DEI policies. All policies and guidelines can be found in the KAIZEN™ Information Management (KIM) system, under FINANCE / ADMIN / Internal Guidelines and Policies. For non-KI members, please refer to the downloadable PDFs: Code of Conduct, DEI Policy, and ESG Policy.

Other topics of concern that may be reported:

  • Criminal offence (e.g. breach of contract, unlawful activity, terrorism)
  • Environmental damage
  • Ethical misconduct (e.g. bullying, harassment, discrimination)
  • Financial misconduct (e.g. corruption, fraud, bribery)
  • Health + Safety risks for people
  • Human rights violation
  • Other (or unsure how to classify)

The following information is necessary to include in a report:

  • Country of residence
  • Method of further communication, if needed
  • Relationship with Kaizen Institute
  • Topic of concern
  • Date of incident
  • Country of incident
  • How you learned of the incident
  • Description of the incident
  • People or functions already informed of the incident and actions taken, if any.

Who Can Report?

Any person who is or has been in contact with KI or any of its personnel. This includes, but is not limited to, the following:

  • KI members
  • KI volunteers or trainees (paid or unpaid)
  • Self-employed persons / Freelancers working under KI’s direction
  • Workers of KI’s clients
  • Any people in a pre-contractual or post-contractual stage of a professional relationship with KI
  • Visitors during recruitment process
  • Visitors for other purposes
  • People who previously worked for KI.

Confidentiality

One of the main goals of the Speak Up Platform is safeguarding the confidentiality and security of all information reported. Preserving the identity of the individual who speaks up is crucial when the platform is utilized. Whether or not the reporter discloses their identity, their report will be treated with confidentiality and handled accordingly. It is important to consider that opting to remain anonymous may restrict the capacity to provide direct assistance and safeguarding.

If the reporter chooses to report anonymously and not provide their identification, there are two methods of communication they must choose from: logging in to the Speak Up Platform (they must login to see received messages) or using an anonymous email address (which will translate into their personal email on the fly). To elaborate, the latter option means no one, including the Speak Up team, has access to the reporter’s personal email address.

Limits to Confidentiality

Details about the reporter’s identity will only be revealed with explicit consent or in rare cases where legal permissions or mandates allow or demand disclosure. In some cases, information could be disclosed to authorities if an unlawful act or a public safety threat occurs. In such cases where the reporter’s identity must be revealed to the authorities due to legal mandates, we would inform the reporter.

False Accusations and Retaliation

If a report’s investigation leads to the result of a false accusation, the necessary process will be carried out so that the reporter of said accusation undergoes the corresponding internal disciplinary action. If a reporter makes a disclosure in good faith and honestly, but it is not confirmed by an investigation, the reporter’s concern will be recognized the reporter will have nothing to fear.

No individual is permitted to harm or intimidate another individual based on the suspicion or belief that they have reported or will express concerns under any of KI’s policies and guidelines. Detrimental actions encompass discrimination, harassment, causing physical or psychological harm, property damage, altering an employee’s responsibilities, and more. Anyone initiating such harmful behavior will face disciplinary measures, such as suspension, mandatory training, or in some cases contract termination.

Internal vs. Legal Pursuit

The Speak Up team is responsible for receiving, processing, and closing all reports sent through the Speak Up Platform as soon as possible while following this policy’s regulations and maintaining the reporter’s sense of privacy. This may include investigating reports, regularly updating and communicating with reporters, and informing authorities when required. All team members work anonymously so that the platform’s use will maintain its secure and unbiased mission.

It is important that users of the Speak Up Platform are aware of the scope of the Speak Up team’s actions upon receiving a report. Please note that the effects of said report are purely internal, as the team is not empowered to judge or legally pursue the situation or events that occurred or are occurring. The Speak Up team’s competence is limited to taking internal disciplinary action when necessary. KI encourages approaching relevant legal authorities if the situation warrants it. Please note that this tool is available worldwide.

Below is a summarized process map of the process for reviewing submitted reports.

Data Collection and Storage Process

KI acknowledges the sensitivity of data shared and prioritizes its protection through stringent data privacy protocols. All data collected through the Speak Up Platform is collected to improve internal processes. The process of which data is collected complies with legal requirements and, if applicable, regulatory and/or national rules specific to the reported concern. Rules and regulations of General Data Protection Regulation (GDPR) is to be applicable regarding personal data of the reporter or other stakeholders. Under the GDPR, this is in accordance with article 6 (1) (c).

For the purpose mentioned above and depending on the report’s concern, the following data is collected:

  • A description of the alleged violation, including names of any persons involved and the date and place of the violation
  • Specify if any other person, within or outside of KI, knows of the violation or is expected to have this knowledge as well
  •  Any document(s) or evidence relevant to the possible violation attached when filing a report
  • Any other details or information that may facilitate the investigation.

All data collected through the Speak Up Platform is stored in an independent database detached from the database that serves KGGC’s data. This allows for the highest level of confidentiality and security of data for the Speak Up Platform’s users.

A report’s file (original report, relevant data, documents, communication, etc.) is stored in the database for ten years (or according to regional data storage laws) from the submission date. Once a file has reached the deadline, all its content is permanently deleted with no access. Files are stored to identify patterns and support other cases, such as identifying false accusations, retaliation, or other.

Please note there is no log of IP addresses, machine IDs, serial numbers, or any other information of the device on which the report is sent.

Reporter’s Legal Rights

This Speak Up Platform Privacy Policy has been written to address the protection and safeguarding of individuals engaged in Kaizen Institute’s Speak Up Platform and its reporting procedures. The legal parameters governing the extent of these rights’ protection shall be followed in accordance with the jurisdiction of the respective reporter’s domicile.

Data Privacy

KI recognizes that personal data must be treated with caution. We are committed to conducting our business in accordance with all relevant data protection and privacy laws of the countries in which we operate along with Regulation (EU) 2016/679 (“GDPR”) and in line with the highest standards of ethical conduct. KI is committed to collecting and processing personal data fairly and lawfully, respecting individual rights and choices and managing personal data responsibly.